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Description 

This invention relates to a telecommunications 
security device for use on the public switched 
telephone network to prevent access to a user 
device connected to a telephone line on the tele- 
phone network and to a security key which may or 
may not be used with the security device. 

Various security devices are currently available 
or have been disclosed in patent applications. Ini- 
tially such security devices depended wholly upon 
the memory of the user to enter a secret user ID 
and a security code. However this technique is 
very open to abuse in that the security codes can 
be inadvertently transferred to unauthorized people 
or can be stolen. In other cases "hackers" can 
break the security codes by trying various different 
combinations and even if they are unable to break 
the code they can tie up telephone lines for long 
periods of time by the attempts to do so. 

Recent more sophisticated techniques have in- 
volved filter or switching boxes inserted imme- 
diately prior to the user equipment These devices 
generally include a central device at the equipment 
to be accessed together with a number of subsid- 
iary devices which are issued to authorized users. 
On receipt of a telephone call, therefore, the central 
device issues a code signal on the line for receipt 
by the subsidiary device. The subsidiary device is 
then expected to re-issuB a security code far rec- 
ognition by the central device. 

These devices use a technique whereby the 
initial signal generates by a suitable calculation or 
algorithm within the subsidiary device the return 
security signal for receipt and comparison by the 
central device which is doing the same calculation. 
However this arrangement is open to breaking by 
an unauthorized person sampling signals on the 
line and deducing the algorithm or calculation in- 
volved from a number of issued signals and re- 
sponse security signals. Examples of this type of 
system are disclosed in US-A-4626623, 4691355 
and 4450535. 

SUMMARY OF THE INVENTION 

It is one object of the present invention, there- 
fore, to provide an improved security device for 
use on the public switched telephone network 
which is of a relatively simple and inexpensive 
nature and yet provides improved security against 
line tapping techniques. 

According to the invention, therefore, there is 
provided a telecommunications security device for 
use on the public switched telephone network com- 
prising a first and a second unit each adapted for 
placing in a respective telephone line between a 
user device and the telephone network, each of 



said units including memory means storing a plu- 
rality of security codes, said stored security codes 
in the first unit being identical to those in the 
second unit, said first unit including control means 

s having means responsive to receipt of a telephone 
call on said respective telephone line and signal 
issuing means arranged to issue on said line a 
signal associated in said memory with one of said 
security codes on receipt of said telephone cali, 

70 said second unit including control means having 
means responsive to receipt of said signal to ex- 
tract from said memory said one security code 
associated therein with said signal and to issue on 
its respective telephone line said extracted security 

76 code, said first unit control means further including 
means for comparing a received security code on 
said telephone line with said one security code and 
for allowing transmission to said respective user 
device of said telephone call only upon a match of 

20 the received security code and said one security 
code, said signal issuing means being arranged, 
upon receipt of each following telephone cali on 
said line, to issue on said line a signal associated 
with another of said security codes. 

26 Preferably the security code and the asso- 

ciated signal are stored in pairs together in the 
memory and the first unit is arranged to extract the 
associated signals in turn so that each security 
code is used once and then the unit moves on to 

30 the next security code. The unit can include a 
device which indicates when all of the security 
codes have been used so that if desired the user 
can replace the memory with a fresh memory 
including a whole new set of security codes. 

35 For this purpose the memory is preferably in a 

separate security key so that a whole set of secu- 
rity keys can be purchased together for insertion 
into the first unit and any number of second units 
positioned at authorized users. 

40 The use of a memory to store a set of security 

codes together with the associated signal rather 
than the prior art arrangement of calculating from 
an input signal a security code by a repeatable 
mathematical function ensures that there is no 

45 code to be broken and it is not possible to predict 
a particular security , code from monitoring past 
events. 

It is a further object of the present invention to 
provide a security key which may be used with the 

so above security device or may be modified to act as 
a secure memory for other similar devices such as 
encryption devices or other devices where a mem- 
ory is required storing secret information for use by 
a separate unit. 

55 According to the invention, therefore, there is 

provided a security key for providing a memory for 
storing required information for a security unit com- 
prising a memory, a security logic circuit providing 
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access to the memory and a casing supporting 
said memory and circuit whereby the key can be 
extracted and removed from the unit, said circuit 
including means providing a first state in which the 
required information can be written into the mem- 
ory, a second state in which the memory is sealed 
and cannot be read, and a third state in which the 
memory can be read, said state providing means 
being arranged to prevent transfer from said third 
state to said second state except by said first state 
and erasing of information in said memory, means 
for receiving a command signal for transferring 
from said second state to said third state and 
means for indicating that said command signal has 
been received. 

With the foregoing in view, and other advan- 
tages as will become apparent to those skilled in 
the art to which this invention relates as this speci- 
fication proceeds, the invention is herein described 
by reference to the accompanying drawings for- 
ming a part hereof, which includes a description of 
the best mode known to the applicant and of the 
preferred typical embodiment of the principles of 
the present invention, in which: 

DESCRIPTION OF THE DRAWINGS 

Figure 1 is a simple schematic illustration 
showing the connection of the security device ac- 
cording to the invention within the public switched 
telephone network. 

Figure 2 is a block diagram of one unit of the 
telecommunications security device of Figure 1 . 

Figure 3 is a block diagram of the security key 
for connection to the unit of Figure 2. 

Figure 4 is a flow chart for the second unit 
which acts as a remote or originating unit. 

Figure 5 is a flow chart for the first unit which 
acts as a central or receiving unit. 

Figure 6 is a front elevational view of a rack 
storing a plurality of the units of Figure 2. 

Figure 7 is a circuit diagram of the security 
logic circuit of Figure 3. 

In the drawings like characters of reference 
indicate corresponding parts in the different figures. 

DETAILED DESCRIPTION 

The security device according to the invention 
provides a first unit and a second unit indicated at 
10 and 11 respectively in Figure 1 each of which is 
connected between the public switched telephone 
network indicated generally at 12 and a user device 
13, 14. 

In many cases the user device 13 will com- 
prise a central access port which is intended to be 
accessed by a number of remote units one of 
which is indicated at 14. The use of the public 



switched telephone network provides of course the 
convenience of near universal access. However this 
access also provides the opportunity for un- 
authorized users to enter or attempt to enter the 

5 port and tamper with or extract information from 
the central port. 

Although the invention therefore is shown as 
including only two such units there may be a large 
number of units provided only to authorized users. 

io The units supplied to authorized users can be 
provided in a suitable plastics box having conven- 
tional jack plugs which enable the unit to be coup- 
led into the telephone line immediately adjacent 
the user device which may be a computer terminal 

15 including a modem or other equipment. In addition 
the casing of the unit can include the necessary 
and conventional sealing arrangements to prevent 
tampering or stealing of the unit itself. However 
these features are not part of the present invention 

20 and therefore will not be described in detail. 

Turning now to the unit as shown in Figure 2, 
this comprises a central microprocessor 20 includ- 
ing a connector to a key module or security key 
indicated at 21 with the key itself being shown in 

25 detail in Figure 3. The unit further includes jack 
plugs 22 and 23 as previously described which are 
of a conventional type for connection to the tele- 
phone line. A telephone interface 24 is connected 
across the lines 25 and 26 for receiving signals on 

30 the line and for injecting signals back onto the line 
for transmission to the remote equipment The in- 
terconnection between the telephone interface 24 
and the microprocessor 20 includes signal con- 
ditioning devices 27 of conventional form. Further 

35 devices connected across the telephone line in- 
clude an answer detect unit 28 and an incoming 
call detect unit 29 again of conventional construc- 
tion. Finally, connected in one or both of the lines 
is a transmission gate 30 which is under the control 

40 of the microprocessor via a driver 31 which there- 
fore allows or prevents access to the user equip- 
ment attached to the jack 23 depending upon the 
conditions sensed by the microprocessor as ex- 
plained in detail hereinafter. 

45 The microprocessor also has attached thereto 

an address decode unit 32 connected to a ROM 
33. The microprocessor also drives a number of 
indicators 34 through a driver 35 and receives input 
from a test button 36. 

so The security key or key module is shown at 

21 A in Figure 3 again in block form and comprises 
a connector 210 for connection to the connector 21 
of the unit of Figure 2. The connector commu- 
nicates with a security logic circuit 211 which in 

55 turn communicates with a memory storage 212 
including a data register 213 and an address regis- 
ter 214 whereby information can be introduced into 
the memory storage and extracted from the mem- 
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ory storage under control of the security logic 21 1 . 

The microprocessor 20 of the unit is preferably 
a Motorola MC1 46805 or equivalent. The processor 
is supported by a timing crystal. The address de- 
code unit 32 and the ROM 33 are provided in 
accordance with operating instructions of the pro- 
cessor. 

For convenience of manufacture and also to 
enable the units to be used in a situation where 
each party is free to call the other that is calls can 
originate at either of the units 10 and 11, the units 
are identical and each can carry out the functions 
as explained hereinafter. However if required, each 
can be limited to one of the functions by storage of 
a simple command in the microprocessor. 

Turning now to the flow chart of the receiving 
unit shown in Figure 5, the unit will leave idle state 
upon detection of an answer condition of an incom- 
ing call. The public switched telephone network or 
PSTN provides an incoming call indication to the 
address required usually by application of a voltage 
to the line intended to cause the audible ringing 
common to most voice telephone terminal equip- 
ment. When the telephone terminal equipment pro- 
vides an answer indication, usually by drawing 
more than a certain amount of direct current from 
the PSTN, the PSTN will create a communication 
channel between the call originator and the destina- 
tion. Thus the answer detect unit 28 of Figure 2 
detects the answer condition provided by the user 
equipment attached to the jack 23. This answer 
detect is communicated to the microprocessor. The 
microprocessor then acts to retrieve from the secu- 
rity key memory 212 operating frequencies which 
act as an identity interrogation signal for transmis- 
sion on the line. The operating frequency signal is 
transmitted via the telephone interface 24 on the 
line to the remote location from which the call is 
originated. 

This operating frequency signal which is also 
stored In the memory of the originating unit acts as 
an interrogation signal requiring the originating unit 
to submit an identity signal as will be explained 
hereinafter. 

This arrangement whereby the microprocessor 
responds" to the telephone call by the operating 
frequency avoids the line returning the carrier tone 
which is usually provided by a computer port 
modem and provides the characteristic tone which 
indicates to the knowledgeable telephone user that 
the line is connected to a computer modem. This 
feature therefore prevents "hackers" from discover- 
ing computer ports by scanning telephone ex- 
changes looking for the characteristic tone. 

The microprocessor simultaneously with con- 
trolling the transmission of the ID interrogation sig- 
nal starts a timer providing a period of time in 
which the required ID signal must be received. 



On receipt of an ID signal within the required 
period of time, the ID signal is checked to be of a 
proper format and stored in the memory for future 
use. The microprocessor 20 then moves to extract 

5 from the memory one of the plurality of pass code 
requests for transmission through the interface 24. 

The memory 212 of the security key is ar- 
ranged to provide sufficient amount of memory to 
store for example 500 pairs of 32 bit security 

10 codes and associated request signals. Thus the 
memory is divided into memory location pairs with 
each pair including a first signal which will be 
transmitted and a second signal which will be ex- 
pected in reply. 

75 The microprocessor 20 is arranged so that it 

looks in the memory to each pair in turn and 
extracts from that pair the request signal for trans- 
mission on the line. The key functions by receiving 
an address, in serial form, from the processor, 

20 decoding the address and returning the data at that 
address to the processor, also in serial form. The 
address information will be as large as rt needs to 
be to uniquely select data from the key. This will 
be at least 24 bits but may need to be larger for 

25 some applications. 

Having thus selected the next in turn request 
signal from the connected security key memory, 
and transmitted this on the telephone line through 
the interface 24, the microprocessor again starts a 

30 timer circuit providing a short period of time in 
which it expects to receive the required security 
code. 

On receipt of a security code, the microproces- 
sor acts to extract from the memory the security 

35 code associated in the memory with the request 
signal previously extracted. The processor then 
acts to compare the received security code with 
the expected security code. On obtaining a match 
between the security codes, the microprocessor 

40 acts to control the gate 30 through the driver 31 to 
open the transmission gate to allow communication 
between the network and the user equipment. 

In order therefore to obtain the necessary 
opening of the transmission gate, it is necessary 

45 for the microprocessor to initially receive an ID 
signal of the required format within a required 
period of time and subsequently to receive the 
required pass code or security code again within 
the required period of time. 

so After the transmission gate has been opened, 

the microprocessor acts to monitor a disconnect of 
the communication channel and upon detecting 
such a disconnect acts to close the transmission 
gate. It is then in the position to receive a further 

55 incoming call and repeat the cycle. On such receipt 
of a further call, it will be appreciated that the unit 
follows the same procedure expect that it extracts 
from the memory unit the next pair of ID request 
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signal and associated security code so that the 
signal and expected returned code are total!/ dif- 
ferent and in no way connected with the signals 
previously issued. 

As shown in the flow chart of Figure 5, it will be 
noted that if the ID signal is not received within the 
required period of time that is the time up signal is 
generated by the timer circuit, the microprocessor 
moves to the next step of issuing the pass code 
request. It cannot therefore act to open the trans- 
mission gate if the ID signal is not received in due 
time. Thus if the response is not received in time, 
the device will proceed automatically to the pass 
code request but the pass code will not be 
checked and no communication will be allowed to 
the terminal equipment. The microprocessor in- 
cludes a simple calculation algorithm for develop- 
ing a false request signal similar to but different 
from the actual stored signals so as to avoid using 
an actual signal which could give out information. 
The device will always behave in the same way 
regardless of the information it is given in order to 
provide an unauthorized user with no information 
that might assist in by-passing the device. Similarly 
if the pass code is not received or is not received 
in time the microprocessor moves to the discon- 
nect procedure and reverts to the idle state waiting 
for a new call. 

Turning now to the flow chart of the originating 
unit shown in Figure 4, the device will leave idle 
state upon the detection of an outgoing call origi- 
nating at the terminal equipment with which the unit 
is associated and acts to fetch the operating fre- 
quencies. It then acts to look for the operating 
frequencies issued by the receiving unit and on 
receipt of the ID interrogate signal will act to open 
the transmission gate and fetch the ID from the 
memory and to transmit the ID on the line via the 
interface 24. It will then enter a wait loop for the 
pass code request from the receiving unit. When 
the request is received, the microprocessor 20 will 
act to retrieve and send from the memory the pass 
code associated with the ID request signal In the 
memory. If an incorrect request signal is received, 
the microprocessor on failing to find a match in the 
memory acts to generate, by an algorithm a false 
pass code which is then sent to avoid the release 
of information about the system. The unit then 
remains in connected state until it detects a dis- 
connect of the communication channel following 
which it will close the transmission gate. 

Thus the unit can act, as previously explained, 
either as a receiving unit or as an originating unit 
and the microprocessor acts accordingly to extract 
the relevant information from the memory as re- 
quired. 

Turning now to the indicators associated with 
the microprocessor 20, these are arranged to be 



driven briefly when the equipment attached to the 
unit is taken off hook so that the unit extracts 
power from the telephone line for a short period of 
time sufficient to drive the indicators briefly for 

s observation by the user. 

The first of the indicators shown at 341 is used 
to indicate when all of the memory locations in the 
memory have been used once that is alt of the 
pairs of request signals and associated security 

10 codes have been used and thus will be repeated if 
the unit continues to use the same memory stor- 
age. 

The second indicator shown at 342 will be 
illuminated if the unit detects receipt of a security 

15 code which fails to properly match with the ex- 
pected security code. This will indicate that an 
unauthorized user has attempted to breach the 
security and has failed to do so. The third indicator 
shown at 343 is used to show that a newly intro- 

20 duced key has previously been read as will be 
explained in more detail hereinafter. The test but- 
ton 36 is used to reset the indicators 341, 342 and 
343 so that after the information has been ex- 
tracted the indicators revert to their initial condition. 

26 Turning now to Figure 6, there is shown a rack 

unit for storing a plurality of security units each of 
the type shown in Figure 2. Such a rack unit is 
generally indicated at 50 and is used in conjunction 
with a multi-port access terminal so that each unit 

30 is associated with a respective one of a plurality of 
telephone lines. The units each act in thB manner 
previously described but can be coupled together 
so as to provide on a common bus information 
concerning the received ID signals, times of con- 

35 nect and times of disconnect and also the informa- 
tion concerning improper pass codes. Such a rack 
unit can comprise simple receiving areas 51 for a 
circuit board 52 so that the unit can be provided 
without the necessary housing necessary for a sin- 

40 gle unit. The rack unit can then be coupled to a 
conventional printer or other data equipment to 
print out information extracted from the individual 
units. Such information can be used for keeping a 
record of access by various authorized users by 

45 way of their received ID for billing or other pur- 
poses. 

Turning now to the security key of Figure 3, it 
will be appreciated that this key is mounted in a 
housing 215 so that it is separable from the unit 
so itself and thus a complete set of identical keys can 
be obtained for a group of the units and introduced 
or replaced whenever necessary. Thus when the 
memory has been used once it is a simple matter 
to replace the keys by re-written keys with a new 
55 memory storage each of which of course is iden- 
tical except for the unique ID. 

The security logic circuit 21 1 controls the read- 
ing and writing of the pairs of request signals and 
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security codes within the memory storage. The 
security logic circuit is arranged so that after writ- 
ing the required information into the memory it can 
receive a seal command which acts to prevent the 
security logic circuit re-transmitting the information 
from the memory storage. 

Turning therefore to Figure 7, a simple circuit 
diagram is shown for the security logic circuit of 
Figure 3. Specifically the circuit includes the conn- 
nector 210 for connection to the connector 21 of 
the main unit. The connector 210 includes a first 
line 216 and a second line 217 indicated as "seal" 
and "unseal" respectively which are connected to a 
pair of flip flops 218 which in conventional manner 
have two separate states indicated at 0 and 1 
respectively. The outputs of the two separate flip 
flops 219 and 220 of the pair 218 are coupled at 
221 and 222 to an exclusive or-gate 223 of conven- 
tional form. The output from the exclusive or-gate 

223 indicated at 224 acts to enable or disable the 
memory or RAM 212 depending upon the output 
on the line 224, that is a state 0 acts to enable the 
RAM and a state 1 to disable the RAM. 

The key further includes a battery 225 which is 
connected through the connector 210/21 to provide 
power to the memory 212 for retaining the memory 
when the device is disconnected from the main 
unit. A secondary power from the unit is provided 
on the line 226 through a regulator 227 so that the ' 
battery power is only used for storage when the 
key is disconnected. 

The flip flops 218 can only be reset via a reset 
unit 228 so that once switched from 0 state to the 1 
state remain in that state until reset. 

In a first state of the key after initial manufac- 
ture and prior to insertion of any records into the 
memory, both the flip flops are at 0 state thus 
providing a state 0 on the line 224 to enable 
connection to the memory 21 2. At this time the link 
indicated at 230 is disconnected and the line 224 is 
at state 0, hence there is no power to the memory. 

At the next stage the key is inserted into the 
unit thus completing the connection at 230 and 
providing power to the memory or RAM 212. At 
this state the memory can be written with the 
necessary information and the memory reread to 
provide a verification of the necessary information. 

At this time a seal command can be supplied 
on the line 216 1rom the main writing unit thus 
putting the first flip flop 219 into a state 1. The line 

224 thus turns to the state 1 disabling the RAM. 

In this condition the key can be separated from 
the writing unit and sent to the remote destination 
using normal channels. Power to the RAM is sup- 
plied by the battery 225 through a line 231 , or-gate 
223 and line 224. 

When received at the remote destination for 
usage, the key is inserted into the unit and con- 



nected thus to the connector 21 . The first action of 
the security unit on receiving a telephone call, that 
is if the hand set is lifted at the user equipment, is 
to attempt to read the memory. An indicator on the 

5 security unit is illuminated to show that the unit is 
unable to read the memory so that the user can 
immediately see if the memory can be read. If the 
memory can be read it has thus received an unseal 
command as explained hereinafter and thus has 

jo been or may have been read and thus is no longer 
secure. 

If the memory is unable to be read, that is it 
has not yet received the unseal command, the 
pressing of the button 36 acts to send an unseal 

is command on the line 21 7 thus changing the state 
of the flip flop 220 to a state 1 which provides a 
state 0 on the line 224 thus enabling the RAM. 
Power to the RAM is supplied at this stage via the 
regulator 227 and the link 230. 

20 The security key can thus continue to be used 

while connected to the security unit and provides 
the memory as previously explained. 

However, on separation from the main unit the 
link 230 is severed and the line 224 is at state 0 

25 thus providing no power to the RAM and erasing 
the memory. 

The flip flops 218 can only be reset subse- 
quent to complete erasing of the memory through 
the reset unit 228. In other words the unit 228 only 

30 acts upon the removal of power from and subse- 
quent restoration of power to the RAM and thus 
once the flip flop 220 has been changed to the 
state 1, It cannot be reverted to state 0 without 
erasing the memory. This technique does therefore 

35 not necessarily prevent the memory being read but 
certainly provides an indication in a simple manner 
that it may have been or has been read whereupon 
immediate knowledge is obtained of the breach of 
security following which all of the keys including 

40 that memory can be re-written with fresh informa- 
tion. 

Instead of the hardware described above in 
relation to Figures 3 and 7, the functions described 
could be performed by a microprocessor pro- 

45 grammed with suitable logic. 

The telecommunications security device there- 
fore provides a number of advantages. Firstly It is 
resistant from any communication based break-in 
attempt including those involving line tapping since 

so recording of previous information gives no details 
whatever concerning later required passwords. 
Secondly the unit is completely user transparent 
that is no action is required by the user and it does 
not rely upon any memory of the user to actuate 

55 the transmission gate. Thirdly the unit does not in 
any way interfere with the use of the telephone 
equipment to communicate with other unsecured 
telephone addresses. 
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The key arrangement itself and particularly the 
security system whereby the key records the re- 
ceipt of the necessary command to read the key 
can be used with other equipment following suit- 
able modification to the stored memory and logic 5 
circuit as will be apparent to one skilled in the art. 
Such other equipment could be encryption devices 
where the necessary code for the encryption is 
stored in the memory and can be replaced by 
replacement or re-writing of the memory. w 

In order to provide further security against 
reading of a key, the security logic circuit or the 
main unit microprocessor includes means for gen- 
erating a number similar to a security code when a 
signal similar to a security code request signal is is 
received. Thus in order to read all the codes from 
the memory it is necessary to enter a very large 
number of possible numbers, very much larger 
than the number of security codes actually stored. 
As the security codes and the associated signals 20 
are chosen at random from a 32 bit binary number 
it is necessary to enter all such possible numbers 
in order to read the associated security code. Of 
course many of the numbers will not have a secu- 
rity code since they are not stored as associated 25 
signals but the device lor generating the number 
similar to the security code will produce a number 
thus requiring the equipment reading the memory 
to store ail the received security code numbers 
since it will not know which ones are proper ones 30 
and which ones are not. 

In addition information stored in the key can 
restrict operation of the associated unit to permit or 
deny incoming or outgoing calls as required. 

35 

Claims 

1. A telecommunications security device for use 
on the public switched telephone network com- 
prising a first and a second unit each adapted 40 
for placing in a respective telephone line be- 
tween a user device and the telephone net- 
work, said first unit including control means 
having means responsive to receipt of a tele- 
phone call on said respective telephone line 45 
and signal issuing means arranged on receipt 
of said telephone call to issue on said line a 
security code request signal, said second unit 
including control means having means respon- 
sive to receipt of said security code request so 
signal to generate a security code associated 
with said security code request signal and to 
issue on its respective telephone line said se- 
curity code, said first unit control means further 
including means for comparing a received se- 55 
curity code on said telephone line with a secu- 
rity code therein and for allowing transmission 
to said respective user device of said tele- 



phone call only upon a match of the received 
security code and said security code therein, 
characterized in that each of said units (10,11) 
includes memory means (212) storing a plural- 
ity of security codes, said stored security 
codes in the first unit (10) being identical to 
those in the second unit (11) and each security 
code being associated in said memory with a 
respective security code request signal where- 
by said second unit (11) generates said secu- 
rity code by extracting from the memory that 
security code which is associated with the re- 
spective security code request signal, and in 
that said signal issuing means is arranged, 
upon receipt of each following telephone call 
on said line, to issue on said line a security 
code request signal associated with another of 
said security codes. 

2. The invention according to Claim 1 wherein the 
signal issuing means (20) is arranged to select 
each security code in turn and for each re- 
ceived telephone call to issue a security code 
request signal associated with the security 
code which is next in turn. 

3. The invention according to Claim 2 including 
means (341) for indicating when all of said 
security codes have been selected. 

4. The invention according to Claim 1, 2 or 3 
wherein said memory means (212) is arranged 
such that each security code and each said 
associated security code request signal are 
both stored in said memory whereby said sig- 
nals and said security codes are randomly 
chosen from a number larger than the number 
of security codes. 

a The invention according to Claim 1 wherein the 
second unit (11) control means includes means 
(20) for generating a code similar in appear- 
ance to a security code when a signal similar 
in appearance to but different from a security 
code request signal is received by said second 
unit. 

6. The invention according to Claim 1 wherein 
said memory means (212) of each of said units 
is provided in a security key device (21 A) 
separable from said first and second unit. 

7. The invention according to Claim 6 wherein the 
security key device (21 A) includes a security 
logic control unit (211) arranged, upon writing 
of said security codes into said memory (212), 
to prevent reading of said security codes from 
said memory means until receipt of a com- 
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mand and to record receipt of said command, 
said unit including means (343) for determining 
and indicating receipt of said command in said 
key, said determining means being actuated 
on insertion of said key into said unit whereby 5 
a user can determine whether a security key 
has been read prior to insertion into said unit. 

8. A security unit including a memory for storing 
required information for carrying out functions io 
in said unit characterized in that there is pro- 
vided a security key (21 A) including said mem- 
ory (212), a security logic circuit (211) provid- 
ing access to the memory (212), a casing 

(215) supporting said memory (212) and circuit is 
(211) whereby the key (214) can be extracted 

. and removed from the unit (10,11), said circuit 
including means providing a first state in which 
the required information can be written into the 
memory, a second state in which the memory 20 
is sealed and cannot be read, and a third state 
in which the memory can be read, said state 
providing means (218) being arranged to pre- 
vent transfer from said third state to said sec- 
ond state except via said first state and erasing 26 
of information in said memory, and means 

(216) for receiving a command signal for trans- 
ferring from said second state to said third 
state, and in that said unit includes means 
(343) for detecting that said command signal 30 
has been received. 

9. The invention according to claim 8 wherein 
said detecting means (343) comprises means 

for reading said memory and providing an in- as 
dication that said memory is readable. 



des Telefonanrufs eingerichtet ist, wobei die 
zweite Einheit eine Steuereinrichtung mit einer 
Einrichtung aufweist, die auf den Eingang des 
Sicherheitscodeanforderungssignals anspricht, 
um einen dem Sicherheitscodeanforderungssi- 
gnal zugeordneten Sicherheitscode zu erzeu- 
gen und den Sicherheitscode auf ihrer entspre- 
chenden Fernsprechleitung auszugeben, und 
wobei die Steuereinrichtung der ersten Einheit 
des weiteren eine Einrichtung zum Vergleich 
eines in der Fernsprechleitung eingegangenen 
Sicherheitscodes mit einem in ihr befindlichen 
Sicherheitscode und zur Ermoglichung einer 
Qbertragung des Telefonanrufs auf die Anwen- 
dereinrichtung nur bei Obereinstimmung zwi- 
schen dem eingegangenen Sicherheitscode 
und dem in ihr befindlichen Sicherheitscode 
aufweist, dadurch gekennzeichnet. dafl jede 
der Einheiten (10, 11) eine eine Vielzahl Si- 
cherheitscodes speichernde Speichereinrich- 
tung (212) aufweist, wobei die in der ersten 
Einheit (10) gespeicherten Sicherheitscodes 
mit denen in der zweiten Einheit (1 1 ) identisch 
sind und jeder Sicherheitscode in der Spei- 
chereinrichtung einem entsprechenden Sicher- 
heitscodeanforderungssignal zugeordnet ist, 
wodurch die zweite Einheit (11) den Sicher- 
heitscode durch Auswahl des dem entspre- 
chenden Sicherheitscodeanforderungssignal 
zugeordneten Sicherheitscodes aus der Spei- 
chereinrichtung erzeugt, und dafl die Signal- 
ausgabeeinrichtung bei Eingang jedes folgen- 
den Telefonanrufs in der Fernsprechleitung ein 
einem anderen der Sicherheitscodes zugeord- 
netes Sicherheitscodeanforderungssignal aus- 
gibt. 



10. The invention according to claim 8 or 9 
wherein said unit and said key (21 A) are ar- 
ranged whereby removal of said key from said 
unit causes power to be removed from said 
memory (212). 

Pate ntansprU che 

1. Tetekommunikations-Sicherheitsvorrichtung zur 
Anwendung beim tfffentlichen Fernsprechnetz, 
mit einer ersten und einer zweiten Einheit, die 
beide zur Anordnung in einer entsprechenden 
Fernsprechleitung zwtschen einer Anwender- 
einrichtung und dem Fernsprechnetz geeignet 
sind, wobei die erste Einheit eine Steuerein- 
richtung mit einer auf den Eingang eines Tele- 
fonanrufs in der entsprechenden Fernsprech- 
leitung ansprechenden Einrichtung und eine 
Signalausgabeeinrichtung aufweist, die zur 
Ausgabe eines Sicherheitscodeanforderungssi- 
gnals in der Fernsprechleitung bei Eingang 



2. Vorrichtung nach Anspruch 1 , bei der die Si- 
gnalausgabeeinrichtung der Reihe nach jeden 

40 Sicherheitscode auswa'hlt und fUr jeden einge- 

gangenen Telefonanruf ein dem als nSchsten 
an der Reihe seienden Sicherheitscode zuge- 
ordnetes Sicherheitscodeanforderungssignal 
ausgibt 

45 

3. Vorrichtung nach Anspruch 2, die eine Einrich- 
tung zur Anzeige, da/S alle Sicherheitscodes 
ausgewShit worden sind, aufweist. 

so 4. Vorrichtung nach Anspruch 1 , 2 Oder 3, bei der 
die Speichereinrichtung (212) so ausgebildet 
ist, daB jeder Sicherheitscode und jedes zuge- 
ordnete Sicherheitscodeanforderungssignal 
beide im Speicher gespeichert sind, wodurch 

55 die Signale und die Sicherheitscodes zufallig 

aus einer Anzahl ausgewahlt werden, die gro- 
fler ist als die Anzahl der Sicherheitscodes. 
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5. Vorrichtung nach Anspruch 1 , bei der die Steu- 
ereinrichtung der zweiten Einheit (11) eine Ein- 
richtung (20) aufweist, die einen einem Sicher- 
heitscode in der Erscheinung ahnlichen Code 
erzeugt, wenn ein einem Sicherheitscodeanfor- 
derungssignal in der Erscheinung ahniiches, 
jedoch von diesem unterschiedliches Signal 
von der zweiten Einheit angenommen wird. 

6. Vorrichtung nach Anspruch 1 , bei der die Spei- 
chereinrichtung (212) jeder der Einheiten in 
einer Sicherheits-ChiffrierschlUsseleinrichtung 
(21 A) vorgesehen ist, die von der ersten und 
der zweiten Einheit trennbar ist. 

7. Vorrichtung nach Anspruch 6, bei der die 
Sicherheits-ChiffrierschlUsseleinrichtung(21A) 
eine Sicherheitslogiksteuereinheit (211) auf- 
weist, die beim Einschreiben der Sicherheits- 
codes in die Speichereinrichtung (212) das Le- 
sen der Sicherheitscodes aus der Speicherein- 
richtung bis zum Eingang eines Befehls verhin- 
dert und den Eingang des Befehls aufzeichnet, 
wobei die Einheit eine Einrichtung (343) zur 
Entscheidung und zur Anzeiga des Eingangs 
des Befehls in dem Chiffrierschlussel aufweist, 
wobei die Einrichtung zur Entscheidung bei 
Einfuhrung des ChiffrierschlGssels in die Ein- 
heit aktiviert wird, wodurch ein Anwender ent- 
scheiden kann. ob ein Sicherheits-Chiffrier- 
schlussel vor Einfuhrung in die Einheit gelesen 
worden ist. 

8. Sicherheitseinheit mit einem Speicher zur 
Speicherung angeforderter Informationen zur 
AusfClhrung von Funktionen in der Einheit, da- 
durch gekennzeichnet, da/3 ein Sicherhelts^ 
Chiffrierschlussel (21 A) vorgesehen ist, der die 
Speichereinrichtung (212), eine Sicherheitslo- 
gikschaitung (211), die Zugang zur Speicher- 
einrichtung (212) gewShrt, und ein GehSuse 
(215), das die Speichereinrichtung (212) und 
die Schaitung (211) lagert, aufweist, wodurch 
der ChiffrierschlGssel (214) aus der Einheit (10, 
11) herausgezogen und von ihr entfernt war- 
den kann, wobei die Schaitung eine Einrich- 
tung zur Erzeugung eines ersten Zustands, bei 
dem die angeforderte information in die Spei- 
chereinrichtung geschrieben werden kann, ei- 
nes zweiten Zustands, in dem die Speicherein- 
richtung abgeschlossen ist und nicht gelesen 
werden kann, und eines dritten Zustands, in 
dem die Speichereinrichtung gelesen werden 
kann, aufweist, wobei die Zustandserzeugungs- 
einrichtung (218) den Ubergang vom dritten 
Zustand in den zweiten Zustand auOer Uber 
den ersten Zustand und die Loschung von 
Informationen in der Speichereinrichtung ver- 



hindert, wobei der Sicherheits-ChiffrierschlOs- 
sel des weiteren eine Einrichtung (216) zum 
Empfang eines Befehlssignals fur den Gber- 
gang aus dem zweiten Zustand in den dritten 
5 Zustand aufweist, und da£ die Einheit eine 

Einrichtung (343) zur Erfassung, daJ3 das Be- 
fehlssignal empfangen worden ist, aufweist. 

9. Sicherheitseinheit nach Anspruch 8, bei der die 
w Erfassungseinrichtung (343) eine Einrichtung 

zum Lesen der Speichereinrichtung und zur 
Erzeugung eines die Lesbarkeit der Speicher- 
einrichtung anzeigenden Anzeige aufweist. 

75 10. Sicherheitseinheit nach Anspruch 8 oder 9, bei 
der die Einheit und der Chiffrierschlussel (21 A) 
so eingerichtet sind, da£ eine Entfernung des 
Chiffrierschlussels von der Einheit dazu fuhrt, 
da/i der Speichereinrichtung (212) die Energie 

20 entzogen wird. 

RevendJcatfons 

1. Un dispositif de securite" de teiecommunica- 

25 tions pour utilisation sur le rSseau telephonique 

commute comprenant une premiere et une 
deuxieme unites congues chacune pour inser- 
tion dans les lignes telephoniques respectives 
raccordant un dispositif d'utilisateur et le r§- 

30 seau telephonique, ladite premiere unite* com- 

portant des moyens de command sensibles a 
la reception d'un appel telephonique sur ladite 
ligne telephonique respective, et des moyens 
generateurs de signal susceptibies. suite a la 

as reception dudit appel teiephonique, d'6mettre 

sur ladite iigne, un signal de demande de code 
de securite, ladite deuxieme unite comportant 
des moyens de commande munis de moyens 
sensibles a la reception dudit signal de de- 

40 mande de code de securite afin de g£n£rer un 

code de s6curite" associe" audit signal de de- 
mande de code de securite et d'emettre, sur 
sa ligne teiephonique respective, ledit code de 
securite, lesdits moyens de commande de la 

45 premiere unite comprenant egalement des 

moyens pour comparer un code de securite 
regu sur ladite ligne teiephonique avec un 
code de securite qui y est incorpore et pour 
permettre la transmission vers ledit dispositif 

so respectif d'utilisateur dudit appel teiephonque 

uniquement dans le seul cas ou il y a corres- 
pondence entre le code de securite recu et 
ledit code de securite incorpore, caracterise en 
ce que chacune desdites unites (10, 11) com- 

55 prend des moyens de memoire (212) gardant 

en memoire une plurality de codes de securite, 
lesdits codes de securite stockes dans la pre- 
miere unite (10) etant identiques a ceux stoc- 
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k£s dans la deuxieme unite (11) et chaque 
code de security etant associe, dans ladite 
memoire, a un signal correspondant de de- 
mande de code de securite de maniere a ce 
que ladite deuxieme unite (11) genere ledit 
code de security en extrayant de ladite me- 
moire celui des codes de securite qui est 
associee au signal correspondant de demande 
de code de securite, et en ce que lesdits 
moyens de generation de signal sont adaptes, 
suite a la reception de chacun des appels 
teiephoniques suivants sur ladite ligne, a emet- 
tre sur ladite ligne un signal de demande de 
code de security associe a un autre desdits 
codes de security. 

2. L'invention selon la revendication 1, dans le- 
quel les moyens de generation de signal (20) 
sont concus afin de sSlectionner chaque code 
de securite" dans I'ordre Tun apres 1'autre et de 
maniere a ce que chaque appei teiephonique 
genere un signal de demande de code de 
securite" qui est associe au code de securite 
qui, dans I'ordre. est le suivant. 

3. L'invention selon la revendication 2, compor- 
tant des moyens (341) pour indiquer quand 
tous les codes de securite ont 6te" seiection- 
n6s. 

4. L'invention selon la revendication 1, 2 ou 3, 
dans lequel lesdits moyens de memoire (212) 
sont agenc£s d'une telle maniere que chaque 
code de securite* et chacun desdits signaux de 
demande de code de securite* qui y est asso- 
cie' soient stockes tous les deux dans ladite 
memoire de sorte que lesdits signaux et les- 
dits codes de securite soient selectionnSs au 
hasard hors d'ucn nombre de ceux-ci qui est 
superieure au nombre de codes de securite. 

5. L'invention selon la revendication 1, dans le- 
quel les moyens de commande de la deuxie- 
me unite* (11) comporte des moyens (20) sus- 
ceptibles de g£nerer un code qui ressemble a 
un code de securite* quand un signal qui res- 
semble a lui mais qui est different d'un signal 
de demande de code de securite* est recu par 
ladite deuxieme unite. 

6. L'invention selon la revendication 1, dans le- 
quel lesdits moyens de memoire (212) de cha- 
cune desdites unites sont munis d'un dispositif 
a clef de securite (21 A) qui est separable de 
ladite premiere et de ladite deuxieme unite's. 

7. L'invention selon la revendication 6, dans le- 
quel le dispositif a clef de securite* (21 A) com- 



porte un circuit logique de commande de se- 
curite (211) adapted suite a recriture desdits 
codes de securite* dans ladite memoire (212) a 
empecher la lecture desdits codes de securite 

5 a partir desdits moyens de memoire jusqu'a la 

reception d'une commande et a enregistrer la 
reception de ladite commande, ladite unite 
comportant des moyens (343) pour determiner 
et pour indiquer la reception de ladite com- 

io mande par ladrte clef, lesdits moyens de deter- 

mination etant actives par Tinsertion de ladite 
clef dans ladite unite de maniere a ce qu'un 
utilisateur puisse determiner si une clef de 
securite* a ete lue avant d'inserer cette derniere 

75 dans ladite unite. 

8. Un dispositif de securite comprenant une me- 
moire de stockage des donnees necessaires a 
la realisation de certain es fonctions de ladite 

20 unite, caracteVise* en ce qu'il comprend une 

clef de securite (21 A) qui inclut ladite memoire 
(212), un circuit logique de sScurite (211) assu- 
rant I'acces a la memoire (212), un boTtier 
(215) supportant ladite memoire (212) et le 

25 circuit (211), la clef (214) etant susceptible 

d'etre extraite et enlevee de ''untie (10, 11), 
ledit circuit comportant des moyens suscepti- 
bles d'assurer un premier etat permettant 
I'ecriture des informations necessaires dans la 

so memoire, et un deuxieme etat dans lequel la 

memoire est verrouillee et ne peut pas etre 
lue, et un troisieme etat permettant la lecture 
de la memoire, lesdits moyens (218) suscepti- 
bles d'assurer un etat etant agences afin d'em- 

as p§cher un basculement a partir dudit troisieme 

etat vers ledit deuxieme etat sauf sute a un 
passage par ledit premier etat avec I'efface- 
ment des informations dans ladite memoire, et 
des moyens (216) de reception d'un signal de 

do commande de basculement dudit deuxieme 

etat audit troisieme etat, et en ce que ladite 
unite comporte des moyens (343) pur detecter 
la reception dudit signal de commande. 

45 9. L'invention selon la revendication 8, dans le- 
quel lesdits moyens de detection (343) com- 
prend des moyens adaptes a lire ladite me- 
moire et a fournir une indication que ladite 
memoire est lisible. 

50 

10. L'invention selon la revendication 8 ou 9, dans 
lequel ladite unite et ladite clef (21 A) sont 
agencees d'une telle maniere que Tenlevement 
de ladite clef de ladite unite supprime I'alimen- 
55 tation eiedrique de ladite memoire (212). 
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